diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java index 2d7010d8..559dd3ce 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java @@ -64,6 +64,11 @@ public class KeySpecBuilder implements KeySpecBuilderInterface { @Override public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms( @Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) { + for (SymmetricKeyAlgorithm algo : preferredSymmetricKeyAlgorithms) { + if (algo == SymmetricKeyAlgorithm.NULL) { + throw new IllegalArgumentException("NULL (unencrypted) is an invalid symmetric key algorithm preference."); + } + } this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms)); return this; } diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/StupidAlgorithmPreferenceEncryptionTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/StupidAlgorithmPreferenceEncryptionTest.java index 42aa0856..19d5fdd1 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/StupidAlgorithmPreferenceEncryptionTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/StupidAlgorithmPreferenceEncryptionTest.java @@ -9,20 +9,34 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.encryption_signing.EncryptionOptions; import org.pgpainless.encryption_signing.EncryptionResult; import org.pgpainless.encryption_signing.EncryptionStream; import org.pgpainless.encryption_signing.ProducerOptions; +import org.pgpainless.key.generation.type.KeyType; +import org.pgpainless.key.generation.type.rsa.RsaLength; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; public class StupidAlgorithmPreferenceEncryptionTest { + @Test + public void testPreventUnencryptedAlgorithmPreferenceDuringKeyGeneration() { + KeySpecBuilder specBuilder = KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.CERTIFY_OTHER); + assertThrows(IllegalArgumentException.class, () -> + specBuilder.overridePreferredSymmetricKeyAlgorithms( + SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, + SymmetricKeyAlgorithm.AES_128, SymmetricKeyAlgorithm.NULL)); + } + // RSA key with symmetric algorithm preference "NULL" (unencrypted). private static final String STUPID_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + "Version: PGPainless\n" +